After stealing over 100 million customer email addresses from the likes of JPMorgan Chase & Co, E*Trade Financial Group, Scottrade Financial Services and Dow Jones & Co, thieves sent fraudulent email correspondence touting the value of penny stocks.
That correspondence had the effect of driving up the price of those stocks which the thieves had previously purchased at a low price. Once the stocks increased in value, the thieves sold their position and pocketed the profit. These hackers and their conspirators generated millions of dollars in illicit proceeds on this pump-and-dump stock scheme.
Hacking email addresses is relatively easy compared to, say, stealing credit card information. Creating a flood of made-up Internet posts is relatively easy as unsuspecting investors search for stock performance information. And the kicker is that buying low and selling high is not an illegal activity. Artificially boosting a stock’s value, however, is.
So what lessons are to be learned from this recent cyber breach?
- Your email address, for the most part, should be considered public knowledge. Scrutinize each inbox entry and always assume the worst, even if the message appears to come from a trusted source.
- Articles and information published on the internet is not sanctioned. Question every link. Look for clues to authenticity like the URL listing, whether it comes from a secure site (https), and other discriminating characteristics.
- Consider subscribing to an identity protection service like AllClear ID (allclearid.com).
- If you’re a business owner, tighten your security by implementing a security management program that will work to lower your security risk.
- Assume cyber theft will occur at your business and take appropriate steps to prepare. Heed Bob Mueller’s (FBI) advice: There are two types of businesses, those that have been hacked and those that will be.
The good news is that most of the core hacking team of three have been identified and two have been taken into custody. The third is on the run. The bad news is that duped investors may not be able to recover their lost investment.
To read the complete article, click here.
Orion Group Managed Services offers Security Management consulting support and assists our customers in its design and implementation. Contact us today!